An update that solves 8 vulnerabilities and has 19 fixes is
now available.

Description:

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
various security fixes and bugfixes.

The following security bugs were fixed:

- CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis (bnc#1068032).

The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka "retpolines".

- CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a
denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact because the port->exists value
can change after it is validated (bnc#1077922).
- CVE-2015-1142857: Prevent guests from sending ethernet flow control
pause frames via the PF (bnc#1077355).
- CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive
information from kernel memory, aka a write_mmio stack-based
out-of-bounds read (bnc#1073311).
- CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).
- CVE-2018-1000004: Prevent race condition in the sound system that could
have led to a deadlock and denial of service condition (bnc#1076017).
- CVE-2017-17806: The HMAC implementation did not validate that the
underlying cryptographic hash algorithm is unkeyed, allowing a local
attacker able to use the AF_ALG-based hash interface
(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by
executing a crafted sequence of system calls that encounter a missing
SHA-3 initialization (bnc#1073874).
- CVE-2017-17805: The Salsa20 encryption algorithm did not correctly
handle zero-length inputs, allowing a local attacker able to use the
AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to
cause a denial of service (uninitialized-memory free and kernel crash)
or have unspecified other impact by executing a crafted sequence of
system calls that use the blkcipher_walk API. Both the generic
implementation (crypto/salsa20_generic.c) and x86 implementation
(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable
(bnc#1073792).
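
As an added triage example (not part of the SUSE advisory): the script below reports whether the kernel build options the advisory names for CVE-2017-17806 and CVE-2017-17805 are enabled in a kernel config file. Enabled options only show that the affected AF_ALG interface is built, and the fix remains the updated kernel. The function names, the sample config and the config path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: are the kernel options named for CVE-2017-17806 and
# CVE-2017-17805 enabled in a given kernel config file?

# opt_state CONFIG_FILE OPTION -> prints y (built in), m (module) or n (off).
opt_state() {
    # Enabled options read OPTION=y or OPTION=m; disabled ones appear as
    # "# OPTION is not set" or are absent. The last assignment wins.
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# preconditions_met CONFIG_FILE CVE -> 0 if every option the advisory names
# for that CVE is y or m, 1 if any is off, 2 for a CVE not covered here.
preconditions_met() {
    case $2 in
        CVE-2017-17806) opts="CONFIG_CRYPTO_USER_API_HASH CONFIG_CRYPTO_SHA3" ;;
        CVE-2017-17805) opts="CONFIG_CRYPTO_USER_API_SKCIPHER" ;;
        *) echo "not covered: $2" >&2; return 2 ;;
    esac
    for opt in $opts; do
        [ "$(opt_state "$1" "$opt")" != n ] || return 1
    done
    return 0
}

# report CONFIG_FILE -> one line per CVE.
report() {
    for cve in CVE-2017-17806 CVE-2017-17805; do
        if preconditions_met "$1" "$cve"; then
            echo "$cve: named interface is built; the updated kernel is needed"
        else
            echo "$cve: named options are not all enabled"
        fi
    done
}

# Constructed sample config for a dry run (not from a real SUSE kernel).
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_SHA3 is not set
EOF
}

# Usage: sh check.sh /boot/config-$(uname -r)   (path is an assumption)
if [ $# -gt 0 ]; then report "$1"; fi
```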